Add documentation and a changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt
new file mode 100644
index 0000000..487e5c6
--- /dev/null
+++ b/ChangeLog.d/add-subjectAltName-certs.txt
@@ -0,0 +1,6 @@
+Features
+ * It is now possible to generate certificates with SubjectAltNames.
+ Currently supported subtypes: DnsName, UniformResourceIdentifier,
+ IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+ See mbedtls_x509write_crt_set_subject_alternative_name for
+ more information.
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 8582e76..ef4d75d 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -473,7 +473,6 @@
size_t val_len);
int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first);
-
int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 57e3cce..537408e 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -241,6 +241,18 @@
}
mbedtls_x509write_cert;
+/**
+ * \brief Set Subject Alternative Name
+ *
+ * \param ctx Certificate context to use
+ * \param san_list List of SAN values
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note "dnsName", "uniformResourceIdentifier", "IP address",
+ * "otherName", and "DirectoryName", as defined in RFC 5280,
+ * are supported.
+ */
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
const mbedtls_x509_san_list *san_list);
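Review bot: The new doc comment for `mbedtls_x509write_crt_set_subject_alternative_name` does not say what the caller must guarantee about `san_list`: whether the list and its buffers are copied or must stay valid until the certificate is written, and whether the values are checked at all. The function body is outside this hunk, so the following is inferred; if the entries are encoded as supplied, an application that fills SANs from a CSR or other untrusted input must validate them itself, because the SAN is what relying parties match identities against. Once confirmed against the implementation, consider adding `\note The SAN values are not validated; the caller must check names taken from untrusted input before issuing.` plus a sentence on the required lifetime of `san_list`. The names in the existing `\note` also differ from the RFC 5280 spelling (`dNSName`, `iPAddress`, `directoryName`), and `\return` lists a single error code, which should be checked against the other errors the implementation can return.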
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index bcc9cb0..04ce984 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -153,7 +153,6 @@
return 0;
}
-
int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
const mbedtls_x509_san_list *san_list)
{
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ac6187a..477b47b 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -925,7 +925,7 @@
if (ret != 0) {
mbedtls_printf(
- " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d",
+ " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d",
ret);
goto exit;
}
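Review bot: The corrected message still ends at `%d` with no trailing newline, so anything printed after `goto exit` would continue on the same line as the error code. If the other failure messages in this program end with a newline, match them, e.g. `" failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d\n\n"`. The enclosing function starts and ends outside this hunk, so the output on the exit path is not visible here.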